Bugzilla – Full Text Bug Listing

| Summary: | bsm auditing is not transparent when not available to sudo in solaris | | |
|---|---|---|---|
| Product: | Sudo | Reporter: | buggenhout.kris |
| Component: | Sudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | low | | |
| Version: | 1.7.4 | | |
| Hardware: | Sun | | |
| OS: | Solaris 2.x | | |

Thanks for the report. I've made a change to the source repo that should work with both Solaris BSM and OpenBSM. It will be part of sudo 1.7.5.

The first beta release of sudo 1.7.5 is now available: http://www.sudo.ws/sudo/dist/beta/sudo-1.7.5b1.tar.gz

Fixed in sudo 1.7.4p5

Enabling bsm auditing in the build breaks sudo functionality when the auditing framework is not configured. The function call bsm_audit_failure contains a check in bsm_audit.c:

```c
....
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
    if (errno == ENOSYS)
        return;
    log_error (0, "Could not determine audit condition");
....
```

Solaris does not return the error ENOSYS but EINVALID when audit is disabled or not set up. In this case sudo refuses to allow the sudo to pass, as it is in an error state not recognized.

Adding EINVAL as a possible error; maybe it would be more elegant to make it platform dependent, but this is a quick fix.

```c
.....
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
    if (errno == ENOSYS || errno == EINVAL)
        return;
    log_error (0, "Could not determine audit condition");
.....
```

With this small enhancement, sudo works transparently whether auditing is enabled or not.

krgrds, Kris
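
The platform-dependent variant mentioned in the report, as an added example that is not part of the original report and not sudo's own code: only the one errno the platform uses for "audit not configured" skips auditing, and every other failure stays an error. `audit_probe`, `DEMO_AUDIT_ABSENT_ERRNO`, the `getcond_fn` stand-in for `auditon(A_GETCOND, ...)` and the fake functions are all hypothetical names constructed so the code runs without BSM headers.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical macro: the errno meaning "audit not configured" here.
 * Per the report, Solaris gives EINVAL where the existing check expects ENOSYS. */
#ifdef __sun
# define DEMO_AUDIT_ABSENT_ERRNO EINVAL
#else
# define DEMO_AUDIT_ABSENT_ERRNO ENOSYS
#endif

enum audit_state { AUDIT_UNCONFIGURED, AUDIT_AVAILABLE, AUDIT_ERROR };

/* Stand-in for auditon(A_GETCOND, ...): returns 0 and fills *cond, or
 * returns -1 with errno set. Injected so the example runs without BSM. */
typedef int (*getcond_fn)(long *cond);

/* Only the single expected errno means "skip auditing"; any other failure
 * stays an error, so an unexpected fault cannot silently drop the record. */
enum audit_state audit_probe(getcond_fn getcond, int absent_errno, long *cond)
{
    errno = 0;
    if (getcond(cond) < 0)
        return errno == absent_errno ? AUDIT_UNCONFIGURED : AUDIT_ERROR;
    return AUDIT_AVAILABLE;
}

/* Constructed fakes for the behaviours discussed in the report. */
static int fake_solaris_unconfigured(long *c) { (void)c; errno = EINVAL; return -1; }
static int fake_enosys(long *c)               { (void)c; errno = ENOSYS; return -1; }
static int fake_eperm(long *c)                { (void)c; errno = EPERM;  return -1; }
static int fake_enabled(long *c)              { *c = 1; return 0; } /* constructed value */

int main(void)
{
    static const char *names[] = { "unconfigured", "available", "error" };
    long cond = 0;

    /* ENOSYS-only check against the Solaris behaviour: a hard error. */
    printf("ENOSYS-only, Solaris: %s\n",
           names[audit_probe(fake_solaris_unconfigured, ENOSYS, &cond)]);
    /* Platform-specific errno: the same call now means "no auditing". */
    printf("EINVAL, Solaris:      %s\n",
           names[audit_probe(fake_solaris_unconfigured, EINVAL, &cond)]);
    printf("ENOSYS elsewhere:     %s\n", names[audit_probe(fake_enosys, ENOSYS, &cond)]);
    printf("EPERM stays an error: %s\n", names[audit_probe(fake_eperm, EINVAL, &cond)]);
    printf("auditing present:     %s\n",
           names[audit_probe(fake_enabled, DEMO_AUDIT_ABSENT_ERRNO, &cond)]);
    return 0;
}
```
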